Secure Coding in C and C++
[Posted September 27, 2005 by ris]
From: eric.garulay-AT-pearsoned.com
To: lwn-AT-lwn.net
Subject: Secure Coding in C and C++
Date: Mon, 26 Sep 2005 17:41:12 EDT
NEW BOOK ANNOUNCEMENT:
Secure Coding in C and C++
By Robert Seacord
Attached is a sample chapter, which you may excerpt on your site,
called: Integer Security.
www.awprofessional.com/title/0321335724
Here is a link to the detailed description page with TOC, Preface, and Index.
Learn the Root Causes of Software Vulnerabilities and How to Avoid Them
Commonly exploited software vulnerabilities are usually caused by avoidable
software defects. Having analyzed nearly 18,000 vulnerability reports over
the past ten years, the CERT/Coordination Center (CERT/CC) has determined
that a relatively small number of root causes account for most of them. This
book identifies and explains these causes and shows the steps that can be
taken to prevent exploitation. Moreover, this book encourages programmers to
adopt security best practices and develop a security mindset that can help
protect software from tomorrow's attacks, not just today's.
Drawing on the CERT/CC's reports and conclusions, Robert Seacord
systematically identifies the program errors most likely to lead to security
breaches, shows how they can be exploited, reviews the potential
consequences, and presents secure alternatives.
Coverage includes technical detail on how to:
- Improve the overall security of any C/C++ application
- Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
- Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
- Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
- Correctly use formatted output functions without introducing format-string vulnerabilities
- Avoid I/O vulnerabilities, including race conditions
Secure Coding in C and C++ presents hundreds of examples of secure code,
insecure code, and exploits, implemented for Windows and Linux. If you're
responsible for creating secure C or C++ software--or for keeping it safe--no
other book offers you this much detailed, expert assistance.
I look forward to speaking with you about excerpts, reviews and author
interview opportunities. Please feel free to contact me as necessary.
Cheers,
EG